package com.jy.adscm.security.browser;


import com.jy.adscm.security.browser.authentication.FormAuthenticationConfig;
import com.jy.adscm.security.properties.SecurityConstants;
import com.jy.adscm.security.service.SecurityLoginUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;

/**
 * 浏览器环境下的安全主类
 * @author yyy
 * @date 2018年7月26日
 */
@Component
//@EnableGlobalMethodSecurity(prePostEnabled=true)//是否开启基于方法的权限控制
public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {


    @Autowired
    FormAuthenticationConfig formAuthenticationConfig;

    @Autowired
    SecurityLoginUserService securityLoginUserService;

    @Autowired
    AccessDeniedHandler adscmUrlAccessDeniedHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        formAuthenticationConfig.configure(http);

        http.authorizeRequests()
                .antMatchers(SecurityConstants.DEFAULT_USERS_URLS)
                .access("@securityLoginUserService.isLogin(request)")
                .and()
                ////////////////////////////////
//                .authorizeRequests().antMatchers("/adscm/hcplan/**"/*,"/adscm/system/menu/ttt/*"*/)
//                .permitAll()
//                .and()
                .authorizeRequests().antMatchers(SecurityConstants.DEFAULT_ZLTX_DRAWING)
                .permitAll()
                .and()
                .authorizeRequests().antMatchers(SecurityConstants.DEFAULT_ALL_MENU_SRC_URL,SecurityConstants.DEFAULT_LOGOUT_URL,SecurityConstants.DEFAULT_QUERY_ALL_USER)
                .access("@securityLoginUserService.isLogin(request)")
                .and()
                //质量体系所有
                .authorizeRequests().antMatchers(SecurityConstants.DEFAULT_ZLTX)
                .access("@securityLoginUserService.isLogin(request)")
                .and()
                .authorizeRequests().antMatchers(SecurityConstants.DEFAULT_OPERATION)
                .access("@securityLoginUserService.isLogin(request)")
                .and()
                .authorizeRequests().antMatchers(SecurityConstants.DEFAULT_REQUEST_URL_PREFIX + "/**")
                .access("@securityLoginUserService.isLogin(request) and @securityLoginUserService.hasPermission(request)")
                .and()
                .exceptionHandling().accessDeniedHandler(adscmUrlAccessDeniedHandler)
                .and()
                .csrf().disable();

    }


}
